Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/internal/tlsconfig/tlsconfig_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/tlsconfig/tlsconfig_test.go')
-rw-r--r--internal/tlsconfig/tlsconfig_test.go71
1 files changed, 71 insertions, 0 deletions
diff --git a/internal/tlsconfig/tlsconfig_test.go b/internal/tlsconfig/tlsconfig_test.go
new file mode 100644
index 00000000..b4cf87ad
--- /dev/null
+++ b/internal/tlsconfig/tlsconfig_test.go
@@ -0,0 +1,71 @@
+package tlsconfig
+
+import (
+ "crypto/tls"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+var cert = []byte(`-----BEGIN CERTIFICATE-----
+MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw
+DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow
+EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d
+7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B
+5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr
+BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1
+NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l
+Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc
+6MF9+Yw1Yy0t
+-----END CERTIFICATE-----`)
+
+var key = []byte(`-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49
+AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q
+EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==
+-----END EC PRIVATE KEY-----`)
+
+var getCertificate = func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ return nil, nil
+}
+
+func TestValidateTLSVersions(t *testing.T) {
+ tests := map[string]struct {
+ tlsMin string
+ tlsMax string
+ err string
+ }{
+ "invalid minimum TLS version": {tlsMin: "tls123", tlsMax: "", err: "Invalid minimum TLS version: tls123"},
+ "invalid maximum TLS version": {tlsMin: "", tlsMax: "tls123", err: "Invalid maximum TLS version: tls123"},
+ "TLS versions conflict": {tlsMin: "tls1.2", tlsMax: "tls1.1", err: "Invalid maximum TLS version: tls1.1; Should be at least tls1.2"},
+ }
+
+ for name, tc := range tests {
+ t.Run(name, func(t *testing.T) {
+ err := ValidateTLSVersions(tc.tlsMin, tc.tlsMax)
+ require.EqualError(t, err, tc.err)
+ })
+ }
+}
+
+func TestInvalidKeyPair(t *testing.T) {
+ _, err := Create([]byte(``), []byte(``), getCertificate, false, tls.VersionTLS11, tls.VersionTLS12)
+ require.EqualError(t, err, "tls: failed to find any PEM data in certificate input")
+}
+
+func TestInsecureCihers(t *testing.T) {
+ tlsConfig, err := Create(cert, key, getCertificate, true, tls.VersionTLS11, tls.VersionTLS12)
+ require.NoError(t, err)
+ require.False(t, tlsConfig.PreferServerCipherSuites)
+ require.Empty(t, tlsConfig.CipherSuites)
+}
+
+func TestCreate(t *testing.T) {
+ tlsConfig, err := Create(cert, key, getCertificate, false, tls.VersionTLS11, tls.VersionTLS12)
+ require.NoError(t, err)
+ require.IsType(t, getCertificate, tlsConfig.GetCertificate)
+ require.True(t, tlsConfig.PreferServerCipherSuites)
+ require.Equal(t, preferredCipherSuites, tlsConfig.CipherSuites)
+ require.Equal(t, tls.VersionTLS11, tlsConfig.MinVersion)
+ require.Equal(t, tls.VersionTLS12, tlsConfig.MaxVersion)
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 01:57:43 +0300